FastLogin

mirror of https://github.com/TuxCoding/FastLogin.git synced 2026-01-26 09:02:19 +01:00

Author	SHA1	Message	Date
games647	f513cffbaf	Migrate tests to use Junit5	2022-07-22 13:24:57 +02:00
games647	cdb3c50b87	Merge pull request #837 from games647/dependabot/maven/org.mariadb.jdbc-mariadb-java-client-3.0.6 Bump mariadb-java-client from 3.0.5 to 3.0.6	2022-07-17 16:56:31 +02:00
games647	e338a768ca	Use class loader for loading the session key Related #849	2022-07-17 16:54:06 +02:00
games647	18a8d7a5dc	Replace Guava with Java joiner	2022-07-17 16:54:06 +02:00
games647	6cf1a79ae1	Reset ignore list of dependabot	2022-07-17 16:54:06 +02:00
games647	0e8b51e148	Minimize dependency jars	2022-07-17 16:54:06 +02:00
games647	ef34550a53	Merge pull request #848 from Smart123s/fix/duplicate/forwardccommand Remove duplicate forwardCrackedCommand()	2022-07-15 08:56:45 +02:00
Smart123s	fe1d4944a8	Remove duplicate forwardCrackedCommand() The forwardCrackedCommand() method is invoked before, the removed code, that does the exact same thing.	2022-07-14 17:11:25 +02:00
games647	423bfa2275	Re-enable force checkstyle check	2022-07-11 13:00:15 +02:00
games647	06b0cf9e02	Merge pull request #779 from Smart123s/feature/codeformatter Add a code formatter	2022-07-11 12:20:42 +02:00
games647	752600f0e2	Fix code formatting according to checkstyle config	2022-07-11 12:14:31 +02:00
Smart123s	cf53ecacdf	Disable hard to meet checkstyle requirements This is temporary.	2022-07-11 12:14:31 +02:00
Smart123s	b740331d31	Add checkstyle.xml Source: `0332cbe0ba/src/main/resources/sun_checks.xml`	2022-07-11 12:14:30 +02:00
Smart123s	13b2f22e31	Add code formatter Add checkstyle as maven goal This will fail the build if the code is not formatted properly	2022-07-11 12:14:30 +02:00
games647	d5d4a32c3f	Fix forwarding the correct player signature Fixes #843	2022-07-11 12:13:36 +02:00
games647	bea3503eff	Merge pull request #821 from games647/809-119-compatibility-1 1.19 Support	2022-07-11 09:43:17 +02:00
games647	adfae507ac	Flip velocity check to scan for newer Paper configurations first The PaperConfig class file still exists in newer versions	2022-07-08 16:43:02 +02:00
games647	e89cb3293a	Disable verify client keys by default for older compatibility This also mimics the default vanilla configuration.	2022-07-08 16:30:41 +02:00
games647	b4ddf4fb19	Reduce dependency list to improve on build time	2022-07-08 16:29:25 +02:00
games647	eb47dd3254	Restore compatibility with older Minecraft versions	2022-07-08 16:28:56 +02:00
games647	0b0a46a18a	Make client public key verification optional	2022-07-06 17:08:58 +02:00
games647	7c8de84a34	Bump dependencies	2022-07-06 17:08:57 +02:00
dependabot[bot]	c448be8c5f	Bump mariadb-java-client from 3.0.5 to 3.0.6 Bumps [mariadb-java-client](https://github.com/mariadb-corporation/mariadb-connector-j) from 3.0.5 to 3.0.6. - [Release notes](https://github.com/mariadb-corporation/mariadb-connector-j/releases) - [Changelog](https://github.com/mariadb-corporation/mariadb-connector-j/blob/master/CHANGELOG.md) - [Commits](https://github.com/mariadb-corporation/mariadb-connector-j/compare/3.0.5...3.0.6) --- updated-dependencies: - dependency-name: org.mariadb.jdbc:mariadb-java-client dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2022-07-04 07:04:41 +00:00
games647	339156be18	Use multiple threads to build the project	2022-07-02 12:37:49 +02:00
games647	944db748e8	Upgrade GitHub actions to use Java 18	2022-07-02 12:36:58 +02:00
games647	bb1cbb79f2	Support newer Paper configuration with clearer error messages	2022-06-28 18:40:51 +02:00
games647	cf356099a0	Fix public key timestamp verification.	2022-06-28 18:34:25 +02:00
games647	91c01e3422	Reuse verify token tick message for signature verification diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java index 6c578ff..92e1dcd 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java @@ -153,11 +153,11 @@ public class ProtocolLibListener extends PacketAdapter { Runnable verifyTask = new VerifyResponseTask(plugin, packetEvent, sender, sharedSecret, keyPair); plugin.getScheduler().runAsync(verifyTask); } else { - sender.kickPlayer("Invalid signature"); + sender.kickPlayer(plugin.getCore().getMessage("invalid-verify-token")); plugin.getLog().error("Invalid signature from player {}", sender); } } catch (NoSuchAlgorithmException \| InvalidKeyException \| SignatureException signatureEx) { - sender.kickPlayer("Invalid signature"); + sender.kickPlayer(plugin.getCore().getMessage("invalid-verify-token")); plugin.getLog().error("Invalid signature from player {}", sender, signatureEx); } }	2022-06-28 18:34:25 +02:00
games647	c118430bf5	Kick players using an invalid public key	2022-06-28 18:34:25 +02:00
games647	ce59172839	Log signature verification errors to help administrators diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java index c3e159a..da28f38 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java @@ -154,9 +154,11 @@ public class ProtocolLibListener extends PacketAdapter { plugin.getScheduler().runAsync(verifyTask); } else { sender.kickPlayer("Invalid signature"); + plugin.getLog().error("Invalid signature from player {}", sender); } - } catch (NoSuchAlgorithmException \| InvalidKeyException \| SignatureException e) { + } catch (NoSuchAlgorithmException \| InvalidKeyException \| SignatureException signatureEx) { sender.kickPlayer("Invalid signature"); + plugin.getLog().error("Invalid signature from player {}", sender, signatureEx); } } }	2022-06-28 18:34:25 +02:00
games647	34e63b7eae	Make profile key optional	2022-06-28 18:34:25 +02:00
games647	e8bb3ec7a9	Validate other encryption methods	2022-06-28 18:34:24 +02:00
games647	1d46640b42	Limit length of server keys	2022-06-28 18:34:24 +02:00
games647	a0fddd69aa	Decrease necessary entropy for running tests	2022-06-28 18:34:24 +02:00
games647	700b889aa9	Improve precision and flexibility of encrypt methods	2022-06-28 18:34:24 +02:00
games647	3767b022a9	Migrate to guava hashing to replace unneeded exceptions	2022-06-28 18:34:24 +02:00
games647	11077a002d	Migrate public key to record	2022-06-28 18:34:24 +02:00
games647	d9bf7267a6	Test valid server key pairs	2022-06-28 18:34:23 +02:00
games647	53e6fe6ddf	Missing synchronization access to the username	2022-06-28 18:34:23 +02:00
games647	1c528fb9cb	Clean up diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BungeeManager.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BungeeManager.java index 49ff879..7149238 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BungeeManager.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BungeeManager.java @@ -36,6 +36,7 @@ import java.io.IOException; import java.lang.reflect.InvocationTargetException; import java.nio.file.Files; import java.nio.file.Path; +import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Set; @@ -62,7 +63,7 @@ public class BungeeManager { private final FastLoginBukkit plugin; private boolean enabled; - private final Set<UUID> firedJoinEvents = new HashSet<>(); + private final Collection<UUID> firedJoinEvents = new HashSet<>(); public BungeeManager(FastLoginBukkit plugin) { this.plugin = plugin; diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java index a6ac9b7..6153338 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/CrackedCommand.java @@ -44,7 +44,7 @@ public class CrackedCommand extends ToggleCommand { @Override public boolean onCommand(@NotNull CommandSender sender, @NotNull Command command, @NotNull String label, String[] args) { if (args.length == 0) { - onCrackedSelf(sender, command, args); + onCrackedSelf(sender); } else { onCrackedOther(sender, command, args); } @@ -52,7 +52,7 @@ public class CrackedCommand extends ToggleCommand { return true; } - private void onCrackedSelf(CommandSender sender, Command cmd, String[] args) { + private void onCrackedSelf(CommandSender sender) { if (isConsole(sender)) { return; } diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java index 26b6d31..9f1ef98 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/command/PremiumCommand.java @@ -51,7 +51,7 @@ public class PremiumCommand extends ToggleCommand { @Override public boolean onCommand(@NotNull CommandSender sender, @NotNull Command command, @NotNull String label, String[] args) { if (args.length == 0) { - onPremiumSelf(sender, command, args); + onPremiumSelf(sender); } else { onPremiumOther(sender, command, args); } @@ -59,7 +59,7 @@ public class PremiumCommand extends ToggleCommand { return true; } - private void onPremiumSelf(CommandSender sender, Command cmd, String[] args) { + private void onPremiumSelf(CommandSender sender) { if (isConsole(sender)) { return; } diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java index 8c61330..6412c6d 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginAutoLoginEvent.java @@ -28,6 +28,7 @@ package com.github.games647.fastlogin.bukkit.event; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.LoginSession; import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent; + import org.bukkit.event.Cancellable; import org.bukkit.event.Event; import org.bukkit.event.HandlerList; diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java index 6b2edfc..5bf6df9 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPreLoginEvent.java @@ -28,6 +28,7 @@ package com.github.games647.fastlogin.bukkit.event; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.LoginSource; import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent; + import org.bukkit.event.Event; import org.bukkit.event.HandlerList; import org.jetbrains.annotations.NotNull; diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPremiumToggleEvent.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPremiumToggleEvent.java index 146efb0..0904826 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPremiumToggleEvent.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/event/BukkitFastLoginPremiumToggleEvent.java @@ -27,6 +27,7 @@ package com.github.games647.fastlogin.bukkit.event; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent; + import org.bukkit.event.Event; import org.bukkit.event.HandlerList; import org.jetbrains.annotations.NotNull; diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java index fecfb73..45d5a5f 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/hook/AuthMeHook.java @@ -28,18 +28,20 @@ package com.github.games647.fastlogin.bukkit.hook; import com.github.games647.fastlogin.bukkit.BukkitLoginSession; import com.github.games647.fastlogin.bukkit.FastLoginBukkit; import com.github.games647.fastlogin.core.hooks.AuthPlugin; + import fr.xephi.authme.api.v3.AuthMeApi; import fr.xephi.authme.events.RestoreSessionEvent; import fr.xephi.authme.process.Management; import fr.xephi.authme.process.register.executors.ApiPasswordRegisterParams; import fr.xephi.authme.process.register.executors.RegistrationMethod; + +import java.lang.reflect.Field; + import org.bukkit.entity.Player; import org.bukkit.event.EventHandler; import org.bukkit.event.EventPriority; import org.bukkit.event.Listener; -import java.lang.reflect.Field; - /** * GitHub: <a href="https://github.com/Xephi/AuthMeReloaded/">...</a> * <p> diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperCacheListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperCacheListener.java index e444ed9..44ff6ea 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperCacheListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/PaperCacheListener.java @@ -29,6 +29,7 @@ import com.destroystokyo.paper.profile.ProfileProperty; import com.github.games647.craftapi.model.skin.Textures; import com.github.games647.fastlogin.bukkit.BukkitLoginSession; import com.github.games647.fastlogin.bukkit.FastLoginBukkit; + import org.bukkit.event.EventHandler; import org.bukkit.event.EventPriority; import org.bukkit.event.Listener; diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ManualNameChange.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ManualNameChange.java index cdf3999..2a36e88 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ManualNameChange.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ManualNameChange.java @@ -25,6 +25,7 @@ / package com.github.games647.fastlogin.bukkit.listener.protocollib; +import com.comphenix.protocol.ProtocolLibrary; import com.comphenix.protocol.events.PacketAdapter; import com.comphenix.protocol.events.PacketContainer; import com.comphenix.protocol.events.PacketEvent; @@ -36,8 +37,6 @@ import org.geysermc.floodgate.api.FloodgateApi; import static com.comphenix.protocol.PacketType.Login.Client.START; -import com.comphenix.protocol.ProtocolLibrary; - /* * Manually inject Floodgate player name prefixes. * <br> diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java index 485c065..d3b38ea 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java @@ -49,7 +49,7 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco private final FastLoginBukkit plugin; private final PacketEvent packetEvent; - private final PublicKey publicKey; + private final PublicKey serverKey; private final Random random; @@ -57,12 +57,12 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco private final String username; public NameCheckTask(FastLoginBukkit plugin, Random random, Player player, PacketEvent packetEvent, - String username, PublicKey publicKey) { + String username, PublicKey serverKey) { super(plugin.getCore(), plugin.getCore().getAuthPluginHook(), plugin.getBedrockService()); this.plugin = plugin; this.packetEvent = packetEvent; - this.publicKey = publicKey; + this.serverKey = serverKey; this.random = random; this.player = player; this.username = username; @@ -71,9 +71,9 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco @Override public void run() { try { - Optional<WrappedProfileKeyData> publicKey = packetEvent.getPacket().getOptionals(BukkitConverters.getWrappedPublicKeyDataConverter()).read(0); + Optional<WrappedProfileKeyData> clientKey = packetEvent.getPacket().getOptionals(BukkitConverters.getWrappedPublicKeyDataConverter()).read(0); - super.onLogin(username, new ProtocolLibLoginSource(player, random, publicKey.get(), this.publicKey)); + super.onLogin(username, new ProtocolLibLoginSource(player, random, clientKey.get(), serverKey)); } finally { ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent); } diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java index 55a8f33..89d855d 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java @@ -127,7 +127,7 @@ public class ProtocolLibListener extends PacketAdapter { } } - private Boolean isFastLoginPacket(PacketEvent packetEvent) { + private boolean isFastLoginPacket(PacketEvent packetEvent) { return packetEvent.getPacket().getMeta(SOURCE_META_KEY) .map(val -> val.equals(plugin.getName())) .orElse(false); @@ -146,7 +146,7 @@ public class ProtocolLibListener extends PacketAdapter { long salt = FuzzyReflection.getFieldValue(signatureData, Long.TYPE, true); byte[] signature = FuzzyReflection.getFieldValue(signatureData, byte[].class, true); - PublicKey publicKey = session.getClientPublicKey().getKey(); + PublicKey publicKey = session.getClientPublicKey().key(); try { if (EncryptionUtil.verifySignedNonce(session.getVerifyToken(), publicKey, salt, signature)) { packetEvent.getAsyncMarker().incrementProcessingDelay(); diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java index d87b602..d4c1130 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java @@ -33,7 +33,6 @@ import com.comphenix.protocol.wrappers.WrappedChatComponent; import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData; import com.github.games647.fastlogin.core.shared.LoginSource; -import java.lang.reflect.InvocationTargetException; import java.net.InetSocketAddress; import java.security.PublicKey; import java.util.Arrays; @@ -64,7 +63,7 @@ class ProtocolLibLoginSource implements LoginSource { } @Override - public void enableOnlinemode() throws InvocationTargetException { + public void enableOnlinemode() { verifyToken = EncryptionUtil.generateVerifyToken(random); /* @@ -92,7 +91,7 @@ class ProtocolLibLoginSource implements LoginSource { } @Override - public void kick(String message) throws InvocationTargetException { + public void kick(String message) { ProtocolManager protocolManager = ProtocolLibrary.getProtocolManager(); PacketContainer kickPacket = new PacketContainer(DISCONNECT); diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java index 7d43835..3d4a807 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SkinApplyListener.java @@ -34,6 +34,9 @@ import com.comphenix.protocol.wrappers.WrappedSignedProperty; import com.github.games647.craftapi.model.skin.Textures; import com.github.games647.fastlogin.bukkit.BukkitLoginSession; import com.github.games647.fastlogin.bukkit.FastLoginBukkit; + +import java.lang.reflect.InvocationTargetException; + import org.bukkit.entity.Player; import org.bukkit.event.EventHandler; import org.bukkit.event.EventPriority; @@ -41,8 +44,6 @@ import org.bukkit.event.Listener; import org.bukkit.event.player.PlayerLoginEvent; import org.bukkit.event.player.PlayerLoginEvent.Result; -import java.lang.reflect.InvocationTargetException; - public class SkinApplyListener implements Listener { private static final Class<?> GAME_PROFILE = MinecraftReflection.getGameProfileClass(); diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/FloodgateAuthTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/FloodgateAuthTask.java index acb3597..ef9fed0 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/FloodgateAuthTask.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/task/FloodgateAuthTask.java @@ -25,6 +25,11 @@ / package com.github.games647.fastlogin.bukkit.task; +import com.github.games647.fastlogin.bukkit.BukkitLoginSession; +import com.github.games647.fastlogin.bukkit.FastLoginBukkit; +import com.github.games647.fastlogin.core.shared.FastLoginCore; +import com.github.games647.fastlogin.core.shared.FloodgateManagement; + import java.net.InetSocketAddress; import java.util.UUID; @@ -33,11 +38,6 @@ import org.bukkit.command.CommandSender; import org.bukkit.entity.Player; import org.geysermc.floodgate.api.player.FloodgatePlayer; -import com.github.games647.fastlogin.bukkit.BukkitLoginSession; -import com.github.games647.fastlogin.bukkit.FastLoginBukkit; -import com.github.games647.fastlogin.core.shared.FastLoginCore; -import com.github.games647.fastlogin.core.shared.FloodgateManagement; - public class FloodgateAuthTask extends FloodgateManagement<Player, CommandSender, BukkitLoginSession, FastLoginBukkit> { public FloodgateAuthTask(FastLoginCore<Player, CommandSender, FastLoginBukkit> core, Player player, FloodgatePlayer floodgatePlayer) { diff --git a/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginAutoLoginEvent.java b/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginAutoLoginEvent.java index 365a198..6503ff9 100644 --- a/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginAutoLoginEvent.java +++ b/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginAutoLoginEvent.java @@ -28,6 +28,7 @@ package com.github.games647.fastlogin.bungee.event; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.LoginSession; import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent; + import net.md_5.bungee.api.plugin.Cancellable; import net.md_5.bungee.api.plugin.Event; diff --git a/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPreLoginEvent.java b/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPreLoginEvent.java index b350763..2128cab 100644 --- a/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPreLoginEvent.java +++ b/bungee/src/main/java/com/github/games647/fastlogin/bungee/event/BungeeFastLoginPreLoginEvent.java @@ -28,6 +28,7 @@ package com.github.games647.fastlogin.bungee.event; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.LoginSource; import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent; + import net.md_5.bungee.api.plugin.Event; public class BungeeFastLoginPreLoginEvent extends Event implements FastLoginPreLoginEvent { diff --git a/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncToggleMessage.java b/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncToggleMessage.java index 98c384c..2965855 100644 --- a/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncToggleMessage.java +++ b/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/AsyncToggleMessage.java @@ -29,8 +29,8 @@ import com.github.games647.fastlogin.bungee.FastLoginBungee; import com.github.games647.fastlogin.bungee.event.BungeeFastLoginPremiumToggleEvent; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.FastLoginCore; - import com.github.games647.fastlogin.core.shared.event.FastLoginPremiumToggleEvent.PremiumToggleReason; + import net.md_5.bungee.api.CommandSender; import net.md_5.bungee.api.ProxyServer; import net.md_5.bungee.api.chat.TextComponent; diff --git a/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/FloodgateAuthTask.java b/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/FloodgateAuthTask.java index 72719cf..5133198 100644 --- a/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/FloodgateAuthTask.java +++ b/bungee/src/main/java/com/github/games647/fastlogin/bungee/task/FloodgateAuthTask.java @@ -25,19 +25,19 @@ / package com.github.games647.fastlogin.bungee.task; +import com.github.games647.fastlogin.bungee.BungeeLoginSession; +import com.github.games647.fastlogin.bungee.FastLoginBungee; +import com.github.games647.fastlogin.core.shared.FastLoginCore; +import com.github.games647.fastlogin.core.shared.FloodgateManagement; + import java.net.InetSocketAddress; import java.util.UUID; -import org.geysermc.floodgate.api.player.FloodgatePlayer; - import net.md_5.bungee.api.CommandSender; import net.md_5.bungee.api.connection.ProxiedPlayer; import net.md_5.bungee.api.connection.Server; -import com.github.games647.fastlogin.bungee.BungeeLoginSession; -import com.github.games647.fastlogin.bungee.FastLoginBungee; -import com.github.games647.fastlogin.core.shared.FastLoginCore; -import com.github.games647.fastlogin.core.shared.FloodgateManagement; +import org.geysermc.floodgate.api.player.FloodgatePlayer; public class FloodgateAuthTask extends FloodgateManagement<ProxiedPlayer, CommandSender, BungeeLoginSession, FastLoginBungee> { diff --git a/core/src/main/java/com/github/games647/fastlogin/core/hooks/DefaultPasswordGenerator.java b/core/src/main/java/com/github/games647/fastlogin/core/hooks/DefaultPasswordGenerator.java index b6802a6..9caadef 100644 --- a/core/src/main/java/com/github/games647/fastlogin/core/hooks/DefaultPasswordGenerator.java +++ b/core/src/main/java/com/github/games647/fastlogin/core/hooks/DefaultPasswordGenerator.java @@ -26,7 +26,7 @@ package com.github.games647.fastlogin.core.hooks; import java.security.SecureRandom; -import java.util.Random; +import java.util.random.RandomGenerator; import java.util.stream.IntStream; public class DefaultPasswordGenerator<P> implements PasswordGenerator<P> { @@ -35,7 +35,7 @@ public class DefaultPasswordGenerator<P> implements PasswordGenerator<P> { private static final char[] PASSWORD_CHARACTERS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" .toCharArray(); - private final Random random = new SecureRandom(); + private final RandomGenerator random = new SecureRandom(); @Override public String getRandomPassword(P player) { diff --git a/core/src/main/java/com/github/games647/fastlogin/core/hooks/bedrock/FloodgateService.java b/core/src/main/java/com/github/games647/fastlogin/core/hooks/bedrock/FloodgateService.java index 7e6a1c2..1b555f1 100644 --- a/core/src/main/java/com/github/games647/fastlogin/core/hooks/bedrock/FloodgateService.java +++ b/core/src/main/java/com/github/games647/fastlogin/core/hooks/bedrock/FloodgateService.java @@ -54,14 +54,13 @@ public class FloodgateService extends BedrockService<FloodgatePlayer> { * <li>autoLoginFloodgate * <li>autoRegisterFloodgate * </ul> - * </p> * * @param key the key of the entry in config.yml * @return <b>true</b> if the entry's value is "true", "false", or "linked" / public boolean isValidFloodgateConfigString(String key) { String value = core.getConfig().get(key).toString().toLowerCase(Locale.ENGLISH); - if (!value.equals("true") && !value.equals("linked") && !value.equals("false") && !value.equals("no-conflict")) { + if (!"true".equals(value) && !"linked".equals(value) && !"false".equals(value) && !"no-conflict".equals(value)) { core.getPlugin().getLog().error("Invalid value detected for {} in FastLogin/config.yml.", key); return false; } @@ -87,7 +86,7 @@ public class FloodgateService extends BedrockService<FloodgatePlayer> { } else { core.getPlugin().getLog().info("Skipping name conflict checking for player {}", username); } - + //Floodgate users don't need Java specific checks return true; } @@ -98,7 +97,7 @@ public class FloodgateService extends BedrockService<FloodgatePlayer> { username can be found * <br> * <i>Falls back to non-prefixed name checks, if ProtocolLib is installed</i> - * + * * @param prefixedUsername the name of the player with the prefix appended * @return FloodgatePlayer if found, null otherwise / diff --git a/core/src/main/java/com/github/games647/fastlogin/core/shared/ForceLoginManagement.java b/core/src/main/java/com/github/games647/fastlogin/core/shared/ForceLoginManagement.java index c8c7bea..873a855 100644 --- a/core/src/main/java/com/github/games647/fastlogin/core/shared/ForceLoginManagement.java +++ b/core/src/main/java/com/github/games647/fastlogin/core/shared/ForceLoginManagement.java @@ -25,10 +25,10 @@ / package com.github.games647.fastlogin.core.shared; -import com.github.games647.fastlogin.core.storage.SQLStorage; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.hooks.AuthPlugin; import com.github.games647.fastlogin.core.shared.event.FastLoginAutoLoginEvent; +import com.github.games647.fastlogin.core.storage.SQLStorage; public abstract class ForceLoginManagement<P extends C, C, L extends LoginSession, T extends PlatformPlugin<C>> implements Runnable { diff --git a/core/src/test/java/com/github/games647/fastlogin/core/TickingRateLimiterTest.java b/core/src/test/java/com/github/games647/fastlogin/core/TickingRateLimiterTest.java index 3f753cd..34f196a 100644 --- a/core/src/test/java/com/github/games647/fastlogin/core/TickingRateLimiterTest.java +++ b/core/src/test/java/com/github/games647/fastlogin/core/TickingRateLimiterTest.java @@ -32,8 +32,8 @@ import java.util.concurrent.TimeUnit; import org.junit.Test; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.MatcherAssert.assertThat; public class TickingRateLimiterTest { @@ -43,7 +43,7 @@ public class TickingRateLimiterTest { * Always expired / @Test - public void allowExpire() throws InterruptedException { + public void allowExpire() { int size = 3; FakeTicker ticker = new FakeTicker(5_000_000L); @@ -51,17 +51,17 @@ public class TickingRateLimiterTest { // run twice the size to fill it first and then test it TickingRateLimiter rateLimiter = new TickingRateLimiter(ticker, size, 0); for (int i = 0; i < size; i++) { - assertTrue("Filling up", rateLimiter.tryAcquire()); + assertThat("Filling up", rateLimiter.tryAcquire(), is(true)); } for (int i = 0; i < size; i++) { ticker.add(Duration.ofSeconds(1)); - assertTrue("Should be expired", rateLimiter.tryAcquire()); + assertThat("Should be expired", rateLimiter.tryAcquire(), is(true)); } } @Test - public void allowExpireNegative() throws InterruptedException { + public void allowExpireNegative() { int size = 3; FakeTicker ticker = new FakeTicker(-5_000_000L); @@ -69,12 +69,12 @@ public class TickingRateLimiterTest { // run twice the size to fill it first and then test it TickingRateLimiter rateLimiter = new TickingRateLimiter(ticker, size, 0); for (int i = 0; i < size; i++) { - assertTrue("Filling up", rateLimiter.tryAcquire()); + assertThat("Filling up", rateLimiter.tryAcquire(), is(true)); } for (int i = 0; i < size; i++) { ticker.add(Duration.ofSeconds(1)); - assertTrue("Should be expired", rateLimiter.tryAcquire()); + assertThat("Should be expired", rateLimiter.tryAcquire(), is(true)); } } @@ -90,10 +90,10 @@ public class TickingRateLimiterTest { // fill the size TickingRateLimiter rateLimiter = new TickingRateLimiter(ticker, size, TimeUnit.SECONDS.toMillis(30)); for (int i = 0; i < size; i++) { - assertTrue("Filling up", rateLimiter.tryAcquire()); + assertThat("Filling up", rateLimiter.tryAcquire(), is(true)); } - assertFalse("Should be full and no entry should be expired", rateLimiter.tryAcquire()); + assertThat("Should be full and no entry should be expired", rateLimiter.tryAcquire(), is(false)); } /* @@ -108,51 +108,51 @@ public class TickingRateLimiterTest { // fill the size TickingRateLimiter rateLimiter = new TickingRateLimiter(ticker, size, TimeUnit.SECONDS.toMillis(30)); for (int i = 0; i < size; i++) { - assertTrue("Filling up", rateLimiter.tryAcquire()); + assertThat("Filling up", rateLimiter.tryAcquire(), is(true)); } - assertFalse("Should be full and no entry should be expired", rateLimiter.tryAcquire()); + assertThat("Should be full and no entry should be expired", rateLimiter.tryAcquire(), is(false)); } /** * Blocked attempts shouldn't replace existing ones. / @Test - public void blockedNotAdded() throws InterruptedException { + public void blockedNotAdded() { FakeTicker ticker = new FakeTicker(5_000_000L); // fill the size - 100ms should be reasonable high TickingRateLimiter rateLimiter = new TickingRateLimiter(ticker, 1, 100); - assertTrue("Filling up", rateLimiter.tryAcquire()); + assertThat("Filling up", rateLimiter.tryAcquire(), is(true)); ticker.add(Duration.ofMillis(50)); // still is full - should fail - assertFalse("Expired too early", rateLimiter.tryAcquire()); + assertThat("Expired too early", rateLimiter.tryAcquire(), is(false)); // wait the remaining time and add a threshold, because ticker.add(Duration.ofMillis(50)); - assertTrue("Request not released", rateLimiter.tryAcquire()); + assertThat("Request not released", rateLimiter.tryAcquire(), is(true)); } /* * Blocked attempts shouldn't replace existing ones. */ @Test - public void blockedNotAddedNegative() throws InterruptedException { + public void blockedNotAddedNegative() { FakeTicker ticker = new FakeTicker(-5_000_000L); // fill the size - 100ms should be reasonable high TickingRateLimiter rateLimiter = new TickingRateLimiter(ticker, 1, 100); - assertTrue("Filling up", rateLimiter.tryAcquire()); + assertThat("Filling up", rateLimiter.tryAcquire(), is(true)); ticker.add(Duration.ofMillis(50)); // still is full - should fail - assertFalse("Expired too early", rateLimiter.tryAcquire()); + assertThat("Expired too early", rateLimiter.tryAcquire(), is(false)); // wait the remaining time and add a threshold, because ticker.add(Duration.ofMillis(50)); - assertTrue("Request not released", rateLimiter.tryAcquire()); + assertThat("Request not released", rateLimiter.tryAcquire(), is(true)); } } diff --git a/velocity/src/main/java/com/github/games647/fastlogin/velocity/listener/ConnectListener.java b/velocity/src/main/java/com/github/games647/fastlogin/velocity/listener/ConnectListener.java index 33c8c31..902fb03 100644 --- a/velocity/src/main/java/com/github/games647/fastlogin/velocity/listener/ConnectListener.java +++ b/velocity/src/main/java/com/github/games647/fastlogin/velocity/listener/ConnectListener.java @@ -45,9 +45,11 @@ import com.velocitypowered.api.proxy.InboundConnection; import com.velocitypowered.api.proxy.Player; import com.velocitypowered.api.proxy.server.RegisteredServer; import com.velocitypowered.api.util.GameProfile; +import com.velocitypowered.api.util.GameProfile.Property; import java.net.InetSocketAddress; import java.util.ArrayList; +import java.util.Collection; import java.util.List; import java.util.UUID; import java.util.concurrent.TimeUnit; @@ -121,7 +123,7 @@ public class ConnectListener { } } - private List<GameProfile.Property> removeSkin(List<GameProfile.Property> oldProperties) { + private List<GameProfile.Property> removeSkin(Collection<Property> oldProperties) { List<GameProfile.Property> newProperties = new ArrayList<>(oldProperties.size() - 1); for (GameProfile.Property property : oldProperties) { if (!"textures".equals(property.getName())) diff --git a/velocity/src/main/java/com/github/games647/fastlogin/velocity/task/AsyncToggleMessage.java b/velocity/src/main/java/com/github/games647/fastlogin/velocity/task/AsyncToggleMessage.java index 12444fc..8dc7d1c 100644 --- a/velocity/src/main/java/com/github/games647/fastlogin/velocity/task/AsyncToggleMessage.java +++ b/velocity/src/main/java/com/github/games647/fastlogin/velocity/task/AsyncToggleMessage.java @@ -32,6 +32,7 @@ import com.github.games647.fastlogin.velocity.FastLoginVelocity; import com.github.games647.fastlogin.velocity.event.VelocityFastLoginPremiumToggleEvent; import com.velocitypowered.api.command.CommandSource; import com.velocitypowered.api.proxy.Player; + import net.kyori.adventure.text.serializer.legacy.LegacyComponentSerializer; public class AsyncToggleMessage implements Runnable {	2022-06-28 18:34:23 +02:00
games647	b041a89209	Typo fixes	2022-06-28 18:34:23 +02:00
games647	a5942cba74	Use HTML links	2022-06-28 18:34:23 +02:00
games647	f44d7a6780	Forward client key to server diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java index a3bb3d0..55a8f33 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java @@ -119,7 +119,7 @@ public class ProtocolLibListener extends PacketAdapter { case Continue: default: //player.getName() won't work at this state - onLogin(packetEvent, sender, username); + onLoginStart(packetEvent, sender, username); break; } } else { @@ -146,7 +146,6 @@ public class ProtocolLibListener extends PacketAdapter { long salt = FuzzyReflection.getFieldValue(signatureData, Long.TYPE, true); byte[] signature = FuzzyReflection.getFieldValue(signatureData, byte[].class, true); - BukkitLoginSession session = plugin.getSession(sender.getAddress()); PublicKey publicKey = session.getClientPublicKey().getKey(); try { if (EncryptionUtil.verifySignedNonce(session.getVerifyToken(), publicKey, salt, signature)) { @@ -162,7 +161,7 @@ public class ProtocolLibListener extends PacketAdapter { } } - private void onLogin(PacketEvent packetEvent, Player player, String username) { + private void onLoginStart(PacketEvent packetEvent, Player player, String username) { //this includes ip:port. Should be unique for an incoming login request with a timeout of 2 minutes String sessionKey = player.getAddress().toString(); diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java index d13a5c9..ed84298 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java @@ -43,6 +43,7 @@ import com.github.games647.craftapi.model.skin.SkinProperty; import com.github.games647.craftapi.resolver.MojangResolver; import com.github.games647.fastlogin.bukkit.BukkitLoginSession; import com.github.games647.fastlogin.bukkit.FastLoginBukkit; +import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; import java.io.IOException; import java.lang.reflect.Method; @@ -168,7 +169,7 @@ public class VerifyResponseTask implements Runnable { session.setVerified(true); setPremiumUUID(session.getUuid()); - receiveFakeStartPacket(realUsername); + receiveFakeStartPacket(realUsername, session.getClientPublicKey()); } private void setPremiumUUID(UUID premiumUUID) { @@ -253,7 +254,7 @@ public class VerifyResponseTask implements Runnable { } //fake a new login packet in order to let the server handle all the other stuff - private void receiveFakeStartPacket(String username) { + private void receiveFakeStartPacket(String username, ClientPublicKey clientKey) { //see StartPacketListener for packet information PacketContainer startPacket = new PacketContainer(START); @@ -261,7 +262,8 @@ public class VerifyResponseTask implements Runnable { startPacket.getStrings().write(0, username); EquivalentConverter<WrappedProfileKeyData> converter = BukkitConverters.getWrappedPublicKeyDataConverter(); - startPacket.getOptionals(converter).write(0, Optional.empty()); + var key = new WrappedProfileKeyData(clientKey.getExpiry(), clientKey.getKey(), sharedSecret); + startPacket.getOptionals(converter).write(0, Optional.of(key)); } else { //uuid is ignored by the packet definition WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username);	2022-06-28 18:34:23 +02:00
games647	0f17fe18f9	Document origin of signing keys	2022-06-28 18:34:22 +02:00
games647	dac5cd7639	Verify signed nonce diff --git a/bukkit/pom.xml b/bukkit/pom.xml index 9b3c5c5..c1f63ba 100644 --- a/bukkit/pom.xml +++ b/bukkit/pom.xml @@ -179,6 +179,19 @@ <version>1.0.7</version> </dependency> + <dependency> + <groupId>com.mojang</groupId> + <artifactId>datafixerupper</artifactId> + <version>5.0.28</version> + <scope>provided</scope> + <exclusions> + <exclusion> + <groupId></groupId> + <artifactId></artifactId> + </exclusion> + </exclusions> + </dependency> + <!--Library for listening and sending Minecraft packets--> <dependency> <groupId>com.comphenix.protocol</groupId> diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java index 556def1..4f4af4d 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/BukkitLoginSession.java @@ -26,6 +26,7 @@ package com.github.games647.fastlogin.bukkit; import com.github.games647.craftapi.model.skin.SkinProperty; +import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.LoginSession; @@ -42,30 +43,33 @@ public class BukkitLoginSession extends LoginSession { private final byte[] verifyToken; + private final ClientPublicKey clientPublicKey; + private boolean verified; private SkinProperty skinProperty; - public BukkitLoginSession(String username, byte[] verifyToken, boolean registered + public BukkitLoginSession(String username, byte[] verifyToken, ClientPublicKey publicKey, boolean registered , StoredProfile profile) { super(username, registered, profile); + this.clientPublicKey = publicKey; this.verifyToken = verifyToken.clone(); } //available for BungeeCord public BukkitLoginSession(String username, boolean registered) { - this(username, EMPTY_ARRAY, registered, null); + this(username, EMPTY_ARRAY, null, registered, null); } //cracked player public BukkitLoginSession(String username, StoredProfile profile) { - this(username, EMPTY_ARRAY, false, profile); + this(username, EMPTY_ARRAY, null, false, profile); } //ProtocolSupport public BukkitLoginSession(String username, boolean registered, StoredProfile profile) { - this(username, EMPTY_ARRAY, registered, profile); + this(username, EMPTY_ARRAY, null, registered, profile); } / @@ -79,6 +83,10 @@ public class BukkitLoginSession extends LoginSession { return verifyToken.clone(); } + public ClientPublicKey getClientPublicKey() { + return clientPublicKey; + } + / * @return premium skin if available / diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java index 956a60f..713fa68 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java @@ -27,6 +27,7 @@ package com.github.games647.fastlogin.bukkit.listener.protocollib; import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; import com.google.common.io.Resources; +import com.google.common.primitives.Longs; import java.io.IOException; import java.math.BigInteger; @@ -115,9 +116,9 @@ class EncryptionUtil { /* * Generate the server id based on client and server data. * - * @param sessionId session for the current login attempt + * @param sessionId session for the current login attempt * @param sharedSecret shared secret between the client and the server - * @param publicKey public key of the server + * @param publicKey public key of the server * @return the server id formatted as a hexadecimal string. / public static String getServerIdHashString(String sessionId, SecretKey sharedSecret, PublicKey publicKey) { @@ -136,7 +137,7 @@ class EncryptionUtil { Decrypts the content and extracts the key spec. * * @param privateKey private server key - * @param sharedKey the encrypted shared key + * @param sharedKey the encrypted shared key * @return shared secret key * @throws GeneralSecurityException if it fails to decrypt the data / @@ -151,10 +152,20 @@ class EncryptionUtil { return false; } - Signature signature = Signature.getInstance("SHA1withRSA"); - signature.initVerify(mojangSessionKey); - signature.update(toSignable(clientKey).getBytes(StandardCharsets.US_ASCII)); - return signature.verify(clientKey.getSignature()); + Signature verifier = Signature.getInstance("SHA1withRSA"); + verifier.initVerify(mojangSessionKey); + verifier.update(toSignable(clientKey).getBytes(StandardCharsets.US_ASCII)); + return verifier.verify(clientKey.getSignature()); + } + + public static boolean verifySignedNonce(byte[] nonce, PublicKey clientKey, long signatureSalt, byte[] signature) + throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { + Signature verifier = Signature.getInstance("SHA256withRSA"); + verifier.initVerify(clientKey); + + verifier.update(nonce); + verifier.update(Longs.toByteArray(signatureSalt)); + return verifier.verify(signature); } private static PublicKey loadMojangSessionKey() @@ -183,7 +194,7 @@ class EncryptionUtil { Decrypted the given data using the cipher. * * @param cipher decryption cypher initialized with the private key - * @param data the encrypted data + * @param data the encrypted data * @return clear text data * @throws GeneralSecurityException if it fails to decrypt the data / @@ -194,7 +205,7 @@ class EncryptionUtil { } private static byte[] getServerIdHash(String sessionId, PublicKey publicKey, SecretKey sharedSecret) - throws NoSuchAlgorithmException { + throws NoSuchAlgorithmException { // byte[] a(String var0, PublicKey var1, SecretKey var2) MessageDigest digest = MessageDigest.getInstance("SHA-1"); diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java index f0a4083..485c065 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/NameCheckTask.java @@ -27,21 +27,25 @@ package com.github.games647.fastlogin.bukkit.listener.protocollib; import com.comphenix.protocol.ProtocolLibrary; import com.comphenix.protocol.events.PacketEvent; +import com.comphenix.protocol.wrappers.BukkitConverters; +import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData; import com.github.games647.fastlogin.bukkit.BukkitLoginSession; import com.github.games647.fastlogin.bukkit.FastLoginBukkit; import com.github.games647.fastlogin.bukkit.event.BukkitFastLoginPreLoginEvent; +import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; import com.github.games647.fastlogin.core.StoredProfile; import com.github.games647.fastlogin.core.shared.JoinManagement; import com.github.games647.fastlogin.core.shared.event.FastLoginPreLoginEvent; import java.security.PublicKey; +import java.util.Optional; import java.util.Random; import org.bukkit.command.CommandSender; import org.bukkit.entity.Player; public class NameCheckTask extends JoinManagement<Player, CommandSender, ProtocolLibLoginSource> - implements Runnable { + implements Runnable { private final FastLoginBukkit plugin; private final PacketEvent packetEvent; @@ -67,7 +71,9 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco @Override public void run() { try { - super.onLogin(username, new ProtocolLibLoginSource(player, random, publicKey)); + Optional<WrappedProfileKeyData> publicKey = packetEvent.getPacket().getOptionals(BukkitConverters.getWrappedPublicKeyDataConverter()).read(0); + + super.onLogin(username, new ProtocolLibLoginSource(player, random, publicKey.get(), this.publicKey)); } finally { ProtocolLibrary.getProtocolManager().getAsynchronousManager().signalPacketTransmission(packetEvent); } @@ -85,7 +91,7 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L161 @Override public void requestPremiumLogin(ProtocolLibLoginSource source, StoredProfile profile - , String username, boolean registered) { + , String username, boolean registered) { try { source.enableOnlinemode(); } catch (Exception ex) { @@ -97,8 +103,10 @@ public class NameCheckTask extends JoinManagement<Player, CommandSender, Protoco core.getPendingLogin().put(ip + username, new Object()); byte[] verify = source.getVerifyToken(); + WrappedProfileKeyData key = source.getClientPublicKey(); + ClientPublicKey clientKey = new ClientPublicKey(key.getExpireTime(), key.getKey(), key.getSignature()); - BukkitLoginSession playerSession = new BukkitLoginSession(username, verify, registered, profile); + BukkitLoginSession playerSession = new BukkitLoginSession(username, verify, clientKey, registered, profile); plugin.putSession(player.getAddress(), playerSession); //cancel only if the player has a paid account otherwise login as normal offline player synchronized (packetEvent.getAsyncMarker().getProcessingLock()) { diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java index 27c0335..a3bb3d0 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java @@ -30,6 +30,7 @@ import com.comphenix.protocol.ProtocolLibrary; import com.comphenix.protocol.events.PacketAdapter; import com.comphenix.protocol.events.PacketContainer; import com.comphenix.protocol.events.PacketEvent; +import com.comphenix.protocol.reflect.FuzzyReflection; import com.comphenix.protocol.wrappers.WrappedGameProfile; import com.comphenix.protocol.wrappers.WrappedProfilePublicKey; import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData; @@ -38,6 +39,7 @@ import com.github.games647.fastlogin.bukkit.FastLoginBukkit; import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; import com.github.games647.fastlogin.core.antibot.AntiBotService; import com.github.games647.fastlogin.core.antibot.AntiBotService.Action; +import com.mojang.datafixers.util.Either; import java.net.InetSocketAddress; import java.security.InvalidKeyException; @@ -139,9 +141,24 @@ public class ProtocolLibListener extends PacketAdapter { plugin.getLog().warn("GameProfile {} tried to send encryption response at invalid state", sender.getAddress()); sender.kickPlayer(plugin.getCore().getMessage("invalid-request")); } else { - packetEvent.getAsyncMarker().incrementProcessingDelay(); - Runnable verifyTask = new VerifyResponseTask(plugin, packetEvent, sender, session, sharedSecret, keyPair); - plugin.getScheduler().runAsync(verifyTask); + Either<byte[], ?> either = packetEvent.getPacket().getSpecificModifier(Either.class).read(0); + Object signatureData = either.right().get(); + long salt = FuzzyReflection.getFieldValue(signatureData, Long.TYPE, true); + byte[] signature = FuzzyReflection.getFieldValue(signatureData, byte[].class, true); + + BukkitLoginSession session = plugin.getSession(sender.getAddress()); + PublicKey publicKey = session.getClientPublicKey().getKey(); + try { + if (EncryptionUtil.verifySignedNonce(session.getVerifyToken(), publicKey, salt, signature)) { + packetEvent.getAsyncMarker().incrementProcessingDelay(); + Runnable verifyTask = new VerifyResponseTask(plugin, packetEvent, sender, sharedSecret, keyPair); + plugin.getScheduler().runAsync(verifyTask); + } else { + sender.kickPlayer("Invalid signature"); + } + } catch (NoSuchAlgorithmException \| InvalidKeyException \| SignatureException e) { + sender.kickPlayer("Invalid signature"); + } } } diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java index dd191f1..d87b602 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibLoginSource.java @@ -30,6 +30,7 @@ import com.comphenix.protocol.ProtocolManager; import com.comphenix.protocol.events.PacketContainer; import com.comphenix.protocol.reflect.StructureModifier; import com.comphenix.protocol.wrappers.WrappedChatComponent; +import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData; import com.github.games647.fastlogin.core.shared.LoginSource; import java.lang.reflect.InvocationTargetException; @@ -48,15 +49,18 @@ class ProtocolLibLoginSource implements LoginSource { private final Player player; private final Random random; + + private final WrappedProfileKeyData clientPublicKey; private final PublicKey publicKey; private final String serverId = ""; private byte[] verifyToken; - public ProtocolLibLoginSource(Player player, Random random, PublicKey publicKey) { + public ProtocolLibLoginSource(Player player, Random random, WrappedProfileKeyData clientPublicKey, PublicKey serverPublicKey) { this.player = player; this.random = random; - this.publicKey = publicKey; + this.clientPublicKey = clientPublicKey; + this.publicKey = serverPublicKey; } @Override @@ -109,6 +113,10 @@ class ProtocolLibLoginSource implements LoginSource { return player.getAddress(); } + public WrappedProfileKeyData getClientPublicKey() { + return clientPublicKey; + } + public String getServerId() { return serverId; } diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java index e974b09..d13a5c9 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/VerifyResponseTask.java @@ -29,12 +29,15 @@ import com.comphenix.protocol.ProtocolLibrary; import com.comphenix.protocol.events.PacketContainer; import com.comphenix.protocol.events.PacketEvent; import com.comphenix.protocol.injector.temporary.TemporaryPlayerFactory; +import com.comphenix.protocol.reflect.EquivalentConverter; import com.comphenix.protocol.reflect.FieldUtils; import com.comphenix.protocol.reflect.FuzzyReflection; import com.comphenix.protocol.utility.MinecraftReflection; import com.comphenix.protocol.utility.MinecraftVersion; +import com.comphenix.protocol.wrappers.BukkitConverters; import com.comphenix.protocol.wrappers.WrappedChatComponent; import com.comphenix.protocol.wrappers.WrappedGameProfile; +import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData; import com.github.games647.craftapi.model.auth.Verification; import com.github.games647.craftapi.model.skin.SkinProperty; import com.github.games647.craftapi.resolver.MojangResolver; @@ -120,7 +123,7 @@ public class VerifyResponseTask implements Runnable { } try { - if (!checkVerifyToken(session) \|\| !enableEncryption(loginKey)) { + if (!enableEncryption(loginKey)) { return; } } catch (Exception ex) { @@ -180,23 +183,6 @@ public class VerifyResponseTask implements Runnable { } } - private boolean checkVerifyToken(BukkitLoginSession session) throws GeneralSecurityException { - byte[] requestVerify = session.getVerifyToken(); - //encrypted verify token - byte[] responseVerify = packetEvent.getPacket().getByteArrays().read(1); - - //https://github.com/bergerkiller/CraftSource/blob/master/net.minecraft.server/LoginListener.java#L182 - if (!Arrays.equals(requestVerify, EncryptionUtil.decrypt(serverKey.getPrivate(), responseVerify))) { - //check if the verify-token are equal to the server sent one - disconnect("invalid-verify-token", - "GameProfile {0} ({1}) tried to login with an invalid verify token. Server: {2} Client: {3}", - session.getRequestUsername(), packetEvent.getPlayer().getAddress(), requestVerify, responseVerify); - return false; - } - - return true; - } - //try to get the networkManager from ProtocolLib private Object getNetworkManager() throws IllegalAccessException, ClassNotFoundException { Object injectorContainer = TemporaryPlayerFactory.getInjectorFromPlayer(player); @@ -273,6 +259,9 @@ public class VerifyResponseTask implements Runnable { if (MinecraftVersion.atOrAbove(new MinecraftVersion(1, 19, 0))) { startPacket.getStrings().write(0, username); + + EquivalentConverter<WrappedProfileKeyData> converter = BukkitConverters.getWrappedPublicKeyDataConverter(); + startPacket.getOptionals(converter).write(0, Optional.empty()); } else { //uuid is ignored by the packet definition WrappedGameProfile fakeProfile = new WrappedGameProfile(UUID.randomUUID(), username); diff --git a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/Base64Adapter.java b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/Base64Adapter.java new file mode 100644 index 0000000..c2a2d1a --- /dev/null +++ b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/Base64Adapter.java @@ -0,0 +1,48 @@ +/ + * SPDX-License-Identifier: MIT + * + * The MIT License (MIT) + * + * Copyright (c) 2015-2022 games647 and contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + / +package com.github.games647.fastlogin.bukkit.listener.protocollib; + +import com.google.gson.TypeAdapter; +import com.google.gson.stream.JsonReader; +import com.google.gson.stream.JsonWriter; + +import java.io.IOException; +import java.util.Base64; + +public class Base64Adapter extends TypeAdapter<byte[]> { + + @Override + public void write(JsonWriter out, byte[] value) throws IOException { + var encoded = Base64.getEncoder().encodeToString(value); + out.value(encoded); + } + + @Override + public byte[] read(JsonReader in) throws IOException { + String encoded = in.nextString(); + return Base64.getDecoder().decode(encoded); + } +} diff --git a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java index 904405a..63a24ba 100644 --- a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java +++ b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java @@ -25,6 +25,7 @@ / package com.github.games647.fastlogin.bukkit.listener.protocollib; +import com.github.games647.fastlogin.bukkit.listener.protocollib.SignatureTestData.SignatureData; import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; import com.google.common.io.Resources; import com.google.gson.Gson; @@ -36,9 +37,12 @@ import java.io.StringReader; import java.nio.charset.StandardCharsets; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; import java.security.SecureRandom; +import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.time.Instant; import java.time.temporal.ChronoUnit; @@ -65,7 +69,7 @@ public class EncryptionUtilTest { @Test public void testExpiredClientKey() throws Exception { - var clientKey = loadClientKey("client_keys/valid.json"); + var clientKey = loadClientKey("client_keys/valid_public_key.json"); // Client expires at the exact second mentioned, so use it for verification var expiredTimestamp = clientKey.getExpiry(); @@ -78,7 +82,9 @@ public class EncryptionUtilTest { // expiration date changed should make the signature invalid // expiration should still be valid var clientKey = loadClientKey("client_keys/invalid_wrong_expiration.json"); - assertThat(EncryptionUtil.verifyClientKey(clientKey, clientKey.getExpiry().minus(5, ChronoUnit.HOURS)), is(false)); + Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + + assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false)); } // @Test(expected = Exception.class) @@ -86,31 +92,119 @@ public class EncryptionUtilTest { public void testInvalidChangedKey() throws Exception { // changed public key no longer corresponding to the signature var clientKey = loadClientKey("client_keys/invalid_wrong_key.json"); - assertThat(EncryptionUtil.verifyClientKey(clientKey, clientKey.getExpiry().minus(5, ChronoUnit.HOURS)), is(false)); + Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + + assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false)); } @Test public void testInvalidChangedSignature() throws Exception { // signature modified no longer corresponding to key and expiration date var clientKey = loadClientKey("client_keys/invalid_wrong_signature.json"); - assertThat(EncryptionUtil.verifyClientKey(clientKey, clientKey.getExpiry().minus(5, ChronoUnit.HOURS)), is(false)); + Instant expireTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + + assertThat(EncryptionUtil.verifyClientKey(clientKey, expireTimestamp), is(false)); } @Test public void testValidClientKey() throws Exception { - var clientKey = loadClientKey("client_keys/valid.json"); - + var clientKey = loadClientKey("client_keys/valid_public_key.json"); var verificationTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + assertThat(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp), is(true)); } + @Test + public void testValidSignedNonce() throws Exception { + ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); + PublicKey clientPublicKey = clientKey.getKey(); + + SignatureTestData testData = loadSignatureResource("signature/valid_signature.json"); + byte[] nonce = testData.getNonce(); + SignatureData signature = testData.getSignature(); + long salt = signature.getSalt(); + assertThat(EncryptionUtil.verifySignedNonce(nonce, clientPublicKey, salt, signature.getSignature()), is(true)); + } + + @Test + public void testIncorrectNonce() throws Exception { + ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); + PublicKey clientPublicKey = clientKey.getKey(); + + SignatureTestData testData = loadSignatureResource("signature/incorrect_nonce.json"); + byte[] nonce = testData.getNonce(); + SignatureData signature = testData.getSignature(); + long salt = signature.getSalt(); + assertThat(EncryptionUtil.verifySignedNonce(nonce, clientPublicKey, salt, signature.getSignature()), is(false)); + } + + @Test + public void testIncorrectSalt() throws Exception { + // client generated + ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); + PublicKey clientPublicKey = clientKey.getKey(); + + SignatureTestData testData = loadSignatureResource("signature/incorrect_salt.json"); + byte[] nonce = testData.getNonce(); + SignatureData signature = testData.getSignature(); + long salt = signature.getSalt(); + assertThat(EncryptionUtil.verifySignedNonce(nonce, clientPublicKey, salt, signature.getSignature()), is(false)); + } + + @Test + public void testIncorrectSignature() throws Exception { + // client generated + ClientPublicKey clientKey = loadClientKey("client_keys/valid_public_key.json"); + PublicKey clientPublicKey = clientKey.getKey(); + + SignatureTestData testData = loadSignatureResource("signature/incorrect_signature.json"); + byte[] nonce = testData.getNonce(); + SignatureData signature = testData.getSignature(); + long salt = signature.getSalt(); + assertThat(EncryptionUtil.verifySignedNonce(nonce, clientPublicKey, salt, signature.getSignature()), is(false)); + } + + @Test + public void testWrongPublicKeySigned() throws Exception { + // load a different public key + ClientPublicKey clientKey = loadClientKey("client_keys/invalid_wrong_key.json"); + PublicKey clientPublicKey = clientKey.getKey(); + + SignatureTestData testData = loadSignatureResource("signature/valid_signature.json"); + byte[] nonce = testData.getNonce(); + SignatureData signature = testData.getSignature(); + long salt = signature.getSalt(); + assertThat(EncryptionUtil.verifySignedNonce(nonce, clientPublicKey, salt, signature.getSignature()), is(false)); + } + + private SignatureTestData loadSignatureResource(String resourceName) throws IOException { + var keyUrl = Resources.getResource(resourceName); + var encodedSignature = Resources.toString(keyUrl, StandardCharsets.US_ASCII); + + return new Gson().fromJson(encodedSignature, SignatureTestData.class); + } + + private RSAPrivateKey parsePrivateKey(String keySpec) + throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { + try ( + Reader reader = new StringReader(keySpec); + PemReader pemReader = new PemReader(reader) + ) { + PemObject pemObject = pemReader.readPemObject(); + byte[] content = pemObject.getContent(); + var privateKeySpec = new PKCS8EncodedKeySpec(content); + + var factory = KeyFactory.getInstance("RSA"); + return (RSAPrivateKey) factory.generatePrivate(privateKeySpec); + } + } + private ClientPublicKey loadClientKey(String path) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException { var keyUrl = Resources.getResource(path); - var gson = new Gson(); var lines = Resources.toString(keyUrl, StandardCharsets.US_ASCII); - var object = gson.fromJson(lines, JsonObject.class); + var object = new Gson().fromJson(lines, JsonObject.class); Instant expires = Instant.parse(object.getAsJsonPrimitive("expires_at").getAsString()); String key = object.getAsJsonPrimitive("key").getAsString(); @@ -120,10 +214,10 @@ public class EncryptionUtilTest { return new ClientPublicKey(expires, publicKey, signature); } - private RSAPublicKey parsePublicKey(String lines) + private RSAPublicKey parsePublicKey(String keySpec) throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { try ( - Reader reader = new StringReader(lines); + Reader reader = new StringReader(keySpec); PemReader pemReader = new PemReader(reader) ) { PemObject pemObject = pemReader.readPemObject(); diff --git a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SignatureTestData.java b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SignatureTestData.java new file mode 100644 index 0000000..8ea85f6 --- /dev/null +++ b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/SignatureTestData.java @@ -0,0 +1,60 @@ +/* + * SPDX-License-Identifier: MIT + * + * The MIT License (MIT) + * + * Copyright (c) 2015-2022 games647 and contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + / +package com.github.games647.fastlogin.bukkit.listener.protocollib; + +import com.google.gson.annotations.JsonAdapter; + +public class SignatureTestData { + + @JsonAdapter(Base64Adapter.class) + private byte[] nonce; + + private SignatureData signature; + + public byte[] getNonce() { + return nonce; + } + + public SignatureData getSignature() { + return signature; + } + + public static class SignatureData { + + private long salt; + + @JsonAdapter(Base64Adapter.class) + private byte[] signature; + + public long getSalt() { + return salt; + } + + public byte[] getSignature() { + return signature; + } + } +} diff --git a/bukkit/src/test/resources/client_keys/README.md b/bukkit/src/test/resources/client_keys/README.md new file mode 100644 index 0000000..1165e23 --- /dev/null +++ b/bukkit/src/test/resources/client_keys/README.md @@ -0,0 +1,27 @@ +# About + +This contains test resources for the unit tests. The file are extracted from the Minecraft directory with slight +modifications. The files are found in `$MINECRAFT_HOME$/profilekeys/`, where `$MINECRAFT_HOME$` represents the +OS-dependent minecraft folder. + +Notable the files in this folder do not contain the private key information. It should be explicitly +stripped before including it.* + +## Minecraft folder + +* Windows: `%appdata%\.minecraft` +* Linux: `/home/username/.minecraft` +* Mac: `~/Library/Application Support/minecraft` + +## Directory structure + +* `invalid_wrong_expiration.json`: Changed the expiration date +* `invalid_wrong_key.json`: Modified public key while keeping the RSA structure valid +* `invalid_wrong_signature.json`: Changed a character in the public key signature +* `valid_public_key.json`: Extracted from actual file + +## File content + +* `expires_at`: Expiration date +* `key`: Public key from the original file out of `public_key.key` +* `signature`: Mojang signed signature of this public key diff --git a/bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json b/bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json index 7ecc12e..ea509fe 100644 --- a/bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json +++ b/bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json @@ -1,5 +1,5 @@ { - "expires_at": "2022-06-12T09:46:26.421156927Z", - "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU4I+xm\nDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/\n33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZ\nOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF\n4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWc\nPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", - "signature": "BYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" + "expires_at": "2022-06-20T07:31:47.318722344Z", + "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n", + "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU=" } diff --git a/bukkit/src/test/resources/client_keys/invalid_wrong_key.json b/bukkit/src/test/resources/client_keys/invalid_wrong_key.json index 37bb3ad..98ea33f 100644 --- a/bukkit/src/test/resources/client_keys/invalid_wrong_key.json +++ b/bukkit/src/test/resources/client_keys/invalid_wrong_key.json @@ -1,5 +1,5 @@ { - "expires_at": "2022-06-12T10:46:26.421156927Z", + "expires_at": "2022-06-20T08:31:47.318722344Z", "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU3I+xmDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWcPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", - "signature": "BYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" + "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU=" } diff --git a/bukkit/src/test/resources/client_keys/invalid_wrong_signature.json b/bukkit/src/test/resources/client_keys/invalid_wrong_signature.json index cbca4b1..2b80c2c 100644 --- a/bukkit/src/test/resources/client_keys/invalid_wrong_signature.json +++ b/bukkit/src/test/resources/client_keys/invalid_wrong_signature.json @@ -1,5 +1,5 @@ { - "expires_at": "2022-06-12T10:46:26.421156927Z", - "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU4I+xm\nDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/\n33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZ\nOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF\n4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWc\nPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", - "signature": "bYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" + "expires_at": "2022-06-20T08:31:47.318722344Z", + "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n", + "signature": "lfRxK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU=" } diff --git a/bukkit/src/test/resources/client_keys/valid.json b/bukkit/src/test/resources/client_keys/valid.json deleted file mode 100644 index a2d6a41..0000000 --- a/bukkit/src/test/resources/client_keys/valid.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "expires_at": "2022-06-12T10:46:26.421156927Z", - "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU4I+xmDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWcPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", - "signature": "BYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" -} diff --git a/bukkit/src/test/resources/client_keys/valid_public_key.json b/bukkit/src/test/resources/client_keys/valid_public_key.json new file mode 100644 index 0000000..8943e87 --- /dev/null +++ b/bukkit/src/test/resources/client_keys/valid_public_key.json @@ -0,0 +1,5 @@ +{ + "expires_at": "2022-06-20T08:31:47.318722344Z", + "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd3ZxDhcRWWru1XEBke6uYqmbnS2Oxyk\nOMj+QDKrkwUqhVJYciyXGsMx46Mgr/KIoGCcokP5OtIxc6+69/ZLqJ9PvM81kLIxAqyvfBMKMGjP\n376LgxTF1FeDpbe5zXaNRxfmnvQhS5YTLbzgk36qWVjqxJMG4VLVmh7RV5zWsb7XlckZb2zRHM2Y\nMHbEC+ggX+l6zQyfG1KK0MH5k+O6b0xD0rv1wm24sLOesTXH6RZG8cNE3ofdnavxjFodTOnra6w1\naiVcoUTdEPSS86wQwq9j0YCcAKOwMXsqbk9NhpujrdyJ94dev+ELwkNS7P0pPrcfiyFTQeJCZTXz\nJB36MwIDAQAB\n-----END RSA PUBLIC KEY-----\n", + "signature": "lfRXK4zL213wBKg760eiPV7yvnLZ6a6v9Iohmw78yxIzqXO3tfrC5Z+P2LGiO1BdI4xckx8yz4ktn82zX97+r2zktBw0As7g71H/FjInpoZ76j3gMUaiFNrQJ0vKCCI7xsjonemroWAVDCAqlvdyqwUu/Fnz85+WoR2kCQ721vwy6IjWA3xhq8XrWjkI/AlBmoS/kVqnvjjjc9vocdddJXbUYzCse/hWWIbsFeBXyiGCd3v7apgtXwQfM++tt87fq7444zQskiYb14oQP8/uNwqZWQ9jAs00i1BZ0MNM6+TZYGHOfS6rbHZ1bcX34VZdcCwpapK/Z2HBRIgDN4QOcgJkyq1GcjvlM2wjfhN8gXTsmbF9Ee+5Y6a4ONRkxRZK2sT8oAXdm0OlTEGB0P0+WRRFOQ/PnRqbI7lvANao2METT2EUHHrtqFMe53kqCHdzy5qyuHxdCEa6l/gSR08fybx9DdRRmhOlhSPGxhgwqyi1fEMrN4CsSKNrv5u+sMqhspA05b3DQJeLDX+UV5ujRHwm0A49NF+h1ZYlrcefz5IMUUisOOw6HiLc/YGLD2jHwSePGdfMwMnrIxbxjCta7/7A91aaN7eYm16KW9erCOwAfJmBSQC6Pbmg5f7rd7rAKVOPxglq7nayXmd+BK53Mal5tltMSgd/0iY6SEtGSEU=" +} diff --git a/bukkit/src/test/resources/signature/README.md b/bukkit/src/test/resources/signature/README.md new file mode 100644 index 0000000..cc603bc --- /dev/null +++ b/bukkit/src/test/resources/signature/README.md @@ -0,0 +1,16 @@ +# About + +This contains test resources for the unit tests. Files in this folder include pre-made cryptographic signatures. + +## Directory structure + +* `valid_signature.json`: Extracted using packet extract from actual authentication +* `incorrect_nonce.json`: Different nonce token simulating that the server expected a different token than signed +* `incorrect_salt.json`: Salt sent is different to the content signed by the signature (changed salt field) +* `incorrect_signature.json`: Changed signature + +## File content + +* `nonce`: Server generated nonce token +* `salt`: Client generated random token +* `signature`: Nonce and salt signed using the client key from `valid_public_key.json` diff --git a/bukkit/src/test/resources/signature/incorrect_nonce.json b/bukkit/src/test/resources/signature/incorrect_nonce.json new file mode 100644 index 0000000..b88c0f5 --- /dev/null +++ b/bukkit/src/test/resources/signature/incorrect_nonce.json @@ -0,0 +1,7 @@ +{ + "nonce": "galNig\u003d\u003d", + "signature": { + "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d", + "salt": -2985008842905108412 + } +} diff --git a/bukkit/src/test/resources/signature/incorrect_salt.json b/bukkit/src/test/resources/signature/incorrect_salt.json new file mode 100644 index 0000000..8edffb6 --- /dev/null +++ b/bukkit/src/test/resources/signature/incorrect_salt.json @@ -0,0 +1,7 @@ +{ + "nonce": "GalNig\u003d\u003d", + "signature": { + "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d", + "salt": -1985008842905108412 + } +} diff --git a/bukkit/src/test/resources/signature/incorrect_signature.json b/bukkit/src/test/resources/signature/incorrect_signature.json new file mode 100644 index 0000000..ba6bac5 --- /dev/null +++ b/bukkit/src/test/resources/signature/incorrect_signature.json @@ -0,0 +1,7 @@ +{ + "nonce": "GalNig\u003d\u003d", + "signature": { + "signature": "jlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d", + "salt": -2985008842905108412 + } +} diff --git a/bukkit/src/test/resources/signature/valid_signature.json b/bukkit/src/test/resources/signature/valid_signature.json new file mode 100644 index 0000000..7f4f4ad --- /dev/null +++ b/bukkit/src/test/resources/signature/valid_signature.json @@ -0,0 +1,7 @@ +{ + "nonce": "GalNig\u003d\u003d", + "signature": { + "signature": "JlXAUtIGDjxUOnF5vkg/NUEN2wlzXcqADyYIw2WRTb5hgKwIgxyUPO5v/2M7xU3hxz2Zf0iYHM97h8qNMGQ43cLgfVH9VWZ1kGMuOby2LNSb6nDaMzm0b02ftThaWOWj9kJXbR8fN7qdpB+28t2CTW5ILT+2AZYI/Sn8gFFR+LvJJt1ENMfEj2ZIIkHecpNBuKyLz1aDCZ5BEASSLfAqHEAA3dpHV1DIgzfpO6xwo7bVFDtcBEeusl/Nc3KyGyT8sDFTsZWgitgz53xNKrZUK8Q2BaJfP0zrGAX36rpYURJSVD0AtI1ic9s5aG+OFUC1YhLXb/1cDv37ZjHcdV2ppw\u003d\u003d", + "salt": -2985008842905108412 + } +}	2022-06-28 18:34:22 +02:00
games647	bc7c4eea60	Use PublicKey instead of byte representation	2022-06-28 18:34:22 +02:00
games647	456342c686	Migrate to ProtocolLib field extractors for better compatibility diff --git a/bukkit/pom.xml b/bukkit/pom.xml index c4caae8..9b3c5c5 100644 --- a/bukkit/pom.xml +++ b/bukkit/pom.xml @@ -183,7 +183,7 @@ <dependency> <groupId>com.comphenix.protocol</groupId> <artifactId>ProtocolLib</artifactId> - <version>5.0.0-20220603.031413-2</version> + <version>5.0.0-SNAPSHOT</version> <scope>provided</scope> <exclusions> <exclusion> diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java index c9e72fc..3c66e7b 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java @@ -27,12 +27,12 @@ package com.github.games647.fastlogin.bukkit.listener.protocollib; import com.comphenix.protocol.PacketType; import com.comphenix.protocol.ProtocolLibrary; -import com.comphenix.protocol.events.InternalStructure; import com.comphenix.protocol.events.PacketAdapter; import com.comphenix.protocol.events.PacketContainer; import com.comphenix.protocol.events.PacketEvent; -import com.comphenix.protocol.reflect.FuzzyReflection; import com.comphenix.protocol.wrappers.WrappedGameProfile; +import com.comphenix.protocol.wrappers.WrappedProfilePublicKey; +import com.comphenix.protocol.wrappers.WrappedProfilePublicKey.WrappedProfileKeyData; import com.github.games647.fastlogin.bukkit.BukkitLoginSession; import com.github.games647.fastlogin.bukkit.FastLoginBukkit; import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; @@ -47,7 +47,6 @@ import java.security.PublicKey; import java.security.SecureRandom; import java.security.SignatureException; import java.time.Instant; -import java.util.Optional; import org.bukkit.entity.Player; @@ -171,15 +170,15 @@ public class ProtocolLibListener extends PacketAdapter { } private boolean verifyPublicKey(PacketContainer packet) { - Optional<InternalStructure> internalStructure = packet.getOptionalStructures().readSafely(0); - if (internalStructure == null) { + WrappedProfileKeyData profileKey = packet.getProfilePublicKeys().optionRead(0) + .map(WrappedProfilePublicKey::getKeyData).orElse(null); + if (profileKey == null) { return true; } - Object instance = internalStructure.get().getHandle(); - Instant expires = FuzzyReflection.getFieldValue(instance, Instant.class, true); - PublicKey key = FuzzyReflection.getFieldValue(instance, PublicKey.class, true); - byte[] signature = FuzzyReflection.getFieldValue(instance, byte[].class, true); + Instant expires = profileKey.getExpireTime(); + PublicKey key = profileKey.getKey(); + byte[] signature = profileKey.getSignature(); ClientPublicKey clientKey = new ClientPublicKey(expires, key.getEncoded(), signature); try { return EncryptionUtil.verifyClientKey(clientKey, Instant.now());	2022-06-28 18:34:22 +02:00
games647	e85d0d3f0e	Add session key to plugin	2022-06-28 18:34:22 +02:00
games647	d6c6108a7e	Do not modify certificate file during packaging phase	2022-06-28 18:34:22 +02:00
games647	d353ac66ab	Verify public keys from players diff --git a/bukkit/pom.xml b/bukkit/pom.xml index 2e1ccc4..c4caae8 100644 --- a/bukkit/pom.xml +++ b/bukkit/pom.xml @@ -119,9 +119,6 @@ <repository> <id>dmulloy2-repo</id> <url>https://repo.dmulloy2.net/repository/public/</url> - <snapshots> - <enabled>false</enabled> - </snapshots> </repository> <!-- AuthMe Reloaded, xAuth and LoginSecurity --> @@ -186,7 +183,7 @@ <dependency> <groupId>com.comphenix.protocol</groupId> <artifactId>ProtocolLib</artifactId> - <version>5.0.0-SNAPSHOT</version> + <version>5.0.0-20220603.031413-2</version> <scope>provided</scope> <exclusions> <exclusion> @@ -351,5 +348,12 @@ <scope>system</scope> <systemPath>${project.basedir}/lib/UltraAuth v2.1.2.jar</systemPath> </dependency> + + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk18on</artifactId> + <version>1.71</version> + <scope>test</scope> + </dependency> </dependencies> </project> diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java index 1197514..143dda9 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtil.java @@ -25,15 +25,28 @@ / package com.github.games647.fastlogin.bukkit.listener.protocollib; +import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; +import com.google.common.io.Resources; + +import java.io.IOException; import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.X509EncodedKeySpec; +import java.time.Instant; +import java.util.Base64; +import java.util.Base64.Encoder; import java.util.Random; import javax.crypto.Cipher; @@ -46,11 +59,25 @@ import javax.crypto.spec.SecretKeySpec; * @see net.minecraft.server.MinecraftEncryption / -public class EncryptionUtil { +class EncryptionUtil { public static final int VERIFY_TOKEN_LENGTH = 4; public static final String KEY_PAIR_ALGORITHM = "RSA"; + private static final int RSA_LENGTH = 1_024; + + private static final PublicKey mojangSessionKey; + private static final int LINE_LENGTH = 76; + private static final Encoder KEY_ENCODER = Base64.getMimeEncoder(LINE_LENGTH, "\n".getBytes(StandardCharsets.UTF_8)); + + static { + try { + mojangSessionKey = loadMojangSessionKey(); + } catch (IOException \| NoSuchAlgorithmException \| InvalidKeySpecException ex) { + throw new RuntimeException("Failed to load Mojang session key", ex); + } + } + private EncryptionUtil() { // utility } @@ -65,7 +92,7 @@ public class EncryptionUtil { try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_PAIR_ALGORITHM); - keyPairGenerator.initialize(1_024); + keyPairGenerator.initialize(RSA_LENGTH); return keyPairGenerator.generateKeyPair(); } catch (NoSuchAlgorithmException nosuchalgorithmexception) { // Should be existing in every vm @@ -120,6 +147,33 @@ public class EncryptionUtil { return new SecretKeySpec(decrypt(privateKey, sharedKey), "AES"); } + public static boolean verifyClientKey(ClientPublicKey clientKey, Instant verifyTimstamp) + throws SignatureException, NoSuchAlgorithmException, InvalidKeyException { + if (!verifyTimstamp.isBefore(clientKey.getExpiry())) { + return false; + } + + Signature signature = Signature.getInstance("SHA1withRSA"); + signature.initVerify(mojangSessionKey); + signature.update(toSignable(clientKey).getBytes(StandardCharsets.US_ASCII)); + return signature.verify(clientKey.getSignature()); + } + + private static PublicKey loadMojangSessionKey() + throws IOException, NoSuchAlgorithmException, InvalidKeySpecException { + var keyUrl = Resources.getResource("yggdrasil_session_pubkey.der"); + var keyData = Resources.toByteArray(keyUrl); + var keySpec = new X509EncodedKeySpec(keyData); + + return KeyFactory.getInstance("RSA").generatePublic(keySpec); + } + + private static String toSignable(ClientPublicKey clientPublicKey) { + long expiry = clientPublicKey.getExpiry().toEpochMilli(); + String encoded = KEY_ENCODER.encodeToString(clientPublicKey.getKey()); + return expiry + "-----BEGIN RSA PUBLIC KEY-----\n" + encoded + "\n-----END RSA PUBLIC KEY-----\n"; + } + public static byte[] decrypt(PrivateKey key, byte[] data) throws GeneralSecurityException { // b(Key var0, byte[] var1) Cipher cipher = Cipher.getInstance(key.getAlgorithm()); diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java index f8b8de2..c9e72fc 100644 --- a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/ProtocolLibListener.java @@ -27,18 +27,27 @@ package com.github.games647.fastlogin.bukkit.listener.protocollib; import com.comphenix.protocol.PacketType; import com.comphenix.protocol.ProtocolLibrary; +import com.comphenix.protocol.events.InternalStructure; import com.comphenix.protocol.events.PacketAdapter; import com.comphenix.protocol.events.PacketContainer; import com.comphenix.protocol.events.PacketEvent; -import com.github.games647.fastlogin.bukkit.BukkitLoginSession; +import com.comphenix.protocol.reflect.FuzzyReflection; import com.comphenix.protocol.wrappers.WrappedGameProfile; +import com.github.games647.fastlogin.bukkit.BukkitLoginSession; import com.github.games647.fastlogin.bukkit.FastLoginBukkit; +import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; import com.github.games647.fastlogin.core.antibot.AntiBotService; import com.github.games647.fastlogin.core.antibot.AntiBotService.Action; import java.net.InetSocketAddress; +import java.security.InvalidKeyException; import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.security.PublicKey; import java.security.SecureRandom; +import java.security.SignatureException; +import java.time.Instant; +import java.util.Optional; import org.bukkit.entity.Player; @@ -149,6 +158,11 @@ public class ProtocolLibListener extends PacketAdapter { username = (String) packetEvent.getPacket().getMeta("original_name").get(); } + if (!verifyPublicKey(packet)) { + plugin.getLog().warn("Invalid public key from player {}", username); + return; + } + plugin.getLog().trace("GameProfile {} with {} connecting", sessionKey, username); packetEvent.getAsyncMarker().incrementProcessingDelay(); @@ -156,6 +170,24 @@ public class ProtocolLibListener extends PacketAdapter { plugin.getScheduler().runAsync(nameCheckTask); } + private boolean verifyPublicKey(PacketContainer packet) { + Optional<InternalStructure> internalStructure = packet.getOptionalStructures().readSafely(0); + if (internalStructure == null) { + return true; + } + + Object instance = internalStructure.get().getHandle(); + Instant expires = FuzzyReflection.getFieldValue(instance, Instant.class, true); + PublicKey key = FuzzyReflection.getFieldValue(instance, PublicKey.class, true); + byte[] signature = FuzzyReflection.getFieldValue(instance, byte[].class, true); + ClientPublicKey clientKey = new ClientPublicKey(expires, key.getEncoded(), signature); + try { + return EncryptionUtil.verifyClientKey(clientKey, Instant.now()); + } catch (SignatureException \| InvalidKeyException \| NoSuchAlgorithmException ex) { + return false; + } + } + private String getUsername(PacketContainer packet) { WrappedGameProfile profile = packet.getGameProfiles().readSafely(0); if (profile == null) { diff --git a/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java new file mode 100644 index 0000000..495adb1 --- /dev/null +++ b/bukkit/src/main/java/com/github/games647/fastlogin/bukkit/listener/protocollib/packet/ClientPublicKey.java @@ -0,0 +1,53 @@ +/ + * SPDX-License-Identifier: MIT + * + * The MIT License (MIT) + * + * Copyright (c) 2015-2022 games647 and contributors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + / +package com.github.games647.fastlogin.bukkit.listener.protocollib.packet; + +import java.time.Instant; + +public class ClientPublicKey { + + private final Instant expiry; + private final byte[] key; + private final byte[] signature; + + public ClientPublicKey(Instant expiry, byte[] key, byte[] signature) { + this.expiry = expiry; + this.key = key; + this.signature = signature; + } + + public Instant getExpiry() { + return expiry; + } + + public byte[] getKey() { + return key; + } + + public byte[] getSignature() { + return signature; + } +} diff --git a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java index 7a097f1..11a52f7 100644 --- a/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java +++ b/bukkit/src/test/java/com/github/games647/fastlogin/bukkit/listener/protocollib/EncryptionUtilTest.java @@ -25,8 +25,27 @@ / package com.github.games647.fastlogin.bukkit.listener.protocollib; +import com.github.games647.fastlogin.bukkit.listener.protocollib.packet.ClientPublicKey; +import com.google.common.io.Resources; +import com.google.gson.Gson; +import com.google.gson.JsonObject; + +import java.io.IOException; +import java.io.Reader; +import java.io.StringReader; +import java.nio.charset.StandardCharsets; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.X509EncodedKeySpec; +import java.time.Instant; +import java.time.temporal.ChronoUnit; +import java.util.Base64; +import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import org.junit.Test; import static org.hamcrest.CoreMatchers.is; @@ -43,4 +62,77 @@ public class EncryptionUtilTest { assertThat(token, notNullValue()); assertThat(token.length, is(4)); } + + @Test + public void testExpiredClientKey() throws Exception { + var clientKey = loadClientKey("client_keys/valid.json"); + + // Client expires at the exact second mentioned, so use it for verification + var expiredTimestamp = clientKey.getExpiry(); + assertThat(EncryptionUtil.verifyClientKey(clientKey, expiredTimestamp), is(false)); + } + + // @Test(expected = Exception.class) + @Test + public void testInvalidChangedExpiration() throws Exception { + // expiration date changed should make the signature invalid + // expiration should still be valid + var clientKey = loadClientKey("client_keys/invalid_wrong_expiration.json"); + assertThat(EncryptionUtil.verifyClientKey(clientKey, clientKey.getExpiry().minus(5, ChronoUnit.HOURS)), is(false)); + } + + // @Test(expected = Exception.class) + @Test + public void testInvalidChangedKey() throws Exception { + // changed public key no longer corresponding to the signature + var clientKey = loadClientKey("client_keys/invalid_wrong_key.json"); + assertThat(EncryptionUtil.verifyClientKey(clientKey, clientKey.getExpiry().minus(5, ChronoUnit.HOURS)), is(false)); + } + + @Test + public void testInvalidChangedSignature() throws Exception { + // signature modified no longer corresponding to key and expiration date + var clientKey = loadClientKey("client_keys/invalid_wrong_signature.json"); + assertThat(EncryptionUtil.verifyClientKey(clientKey, clientKey.getExpiry().minus(5, ChronoUnit.HOURS)), is(false)); + } + + @Test + public void testValidClientKey() throws Exception { + var clientKey = loadClientKey("client_keys/valid.json"); + + var verificationTimestamp = clientKey.getExpiry().minus(5, ChronoUnit.HOURS); + assertThat(EncryptionUtil.verifyClientKey(clientKey, verificationTimestamp), is(true)); + } + + private ClientPublicKey loadClientKey(String path) + throws NoSuchAlgorithmException, IOException, InvalidKeySpecException { + var keyUrl = Resources.getResource(path); + var gson = new Gson(); + + var lines = Resources.toString(keyUrl, StandardCharsets.US_ASCII); + var object = gson.fromJson(lines, JsonObject.class); + + Instant expires = Instant.parse(object.getAsJsonPrimitive("expires_at").getAsString()); + String key = object.getAsJsonPrimitive("key").getAsString(); + RSAPublicKey publicKey = parsePublicKey(key); + + byte[] signature = Base64.getDecoder().decode(object.getAsJsonPrimitive("signature").getAsString()); + return new ClientPublicKey(expires, publicKey.getEncoded(), signature); + } + + private RSAPublicKey parsePublicKey(String lines) + throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { + try ( + Reader reader = new StringReader(lines); + PemReader pemReader = new PemReader(reader) + ) { + + PemObject pemObject = pemReader.readPemObject(); + byte[] content = pemObject.getContent(); + var pubKeySpec = new X509EncodedKeySpec(content); + + var factory = KeyFactory.getInstance("RSA"); + return (RSAPublicKey) factory.generatePublic(pubKeySpec); + } + } } diff --git a/bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json b/bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json new file mode 100644 index 0000000..7ecc12e --- /dev/null +++ b/bukkit/src/test/resources/client_keys/invalid_wrong_expiration.json @@ -0,0 +1,5 @@ +{ + "expires_at": "2022-06-12T09:46:26.421156927Z", + "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU4I+xm\nDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/\n33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZ\nOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF\n4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWc\nPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", + "signature": "BYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" +} diff --git a/bukkit/src/test/resources/client_keys/invalid_wrong_key.json b/bukkit/src/test/resources/client_keys/invalid_wrong_key.json new file mode 100644 index 0000000..37bb3ad --- /dev/null +++ b/bukkit/src/test/resources/client_keys/invalid_wrong_key.json @@ -0,0 +1,5 @@ +{ + "expires_at": "2022-06-12T10:46:26.421156927Z", + "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU3I+xmDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWcPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", + "signature": "BYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" +} diff --git a/bukkit/src/test/resources/client_keys/invalid_wrong_signature.json b/bukkit/src/test/resources/client_keys/invalid_wrong_signature.json new file mode 100644 index 0000000..cbca4b1 --- /dev/null +++ b/bukkit/src/test/resources/client_keys/invalid_wrong_signature.json @@ -0,0 +1,5 @@ +{ + "expires_at": "2022-06-12T10:46:26.421156927Z", + "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU4I+xm\nDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/\n33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZ\nOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF\n4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWc\nPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", + "signature": "bYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" +} diff --git a/bukkit/src/test/resources/client_keys/valid.json b/bukkit/src/test/resources/client_keys/valid.json new file mode 100644 index 0000000..a2d6a41 --- /dev/null +++ b/bukkit/src/test/resources/client_keys/valid.json @@ -0,0 +1,5 @@ +{ + "expires_at": "2022-06-12T10:46:26.421156927Z", + "key": "-----BEGIN RSA PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOv23jt2QPyab6bPRBwH2ggmzQU4I+xmDpi3X5ZB5Em/4uzyZqNVLJc0gShpk0XsdoB28Nq1bPxczOTBxuXi3rg5ax5gL+iymDSU27DLM8s/33lOofzGPJUEQGKlFm0QelDKZ/q5Y/9inHE3hEJKf7h0tnmGahXFmZSF/nRz9GHnfSYpjtDr9bsZOzQuLhHXT5E4ksNRTFW41h0MlZ1qOhO+NiiVgk7LmgVYiV7RRbgO8U6RaCEqg5n28Ewo6QtzB+DF4NTDeu3E9BLH5G0npdUrVNhdRUWCFDmH6n9hqSIz2J7o6GvWqEvp0h9e/3qtLsoS60hnQXunrcWcPaEIYQIDAQAB\n-----END RSA PUBLIC KEY-----\n", + "signature": "BYv2mKJvz5O3Wo5V5sbJI0L6zAjfzQSkTNd7ykd/MB7KPPDg4zoTuOqphmh042xz1EYbMcfqEZvP04NTaoZDx+IxGieBB+LuxqnmYKIgtpcR2SEpzbSKznSHkupr1hKwF7kCVWLlwSbxc/XRlWPPyT6FE9m628A/jFb/obgfzLLQWfTFWp6kq2oBoUUQV5om2ihdrJ8oLCsw10SGdcFtK4+UuLzz+wjwv3JpvIX93IKdjFnw0KNd110HOPWZgp2n8+f6GsecysorqvwaE1rJC0m9Qa/wFsK2TY7twSMreCrbXPaBiWrkRovtm9gnaBwD+iuZYlnLvO0ld8qW928LL2vFBTi3TsPUWC3i/xYnAR2m8YP2hiCLHuPfSJmgfxHsM2iRdrR8qdOUkiC9h34STEA7Q2+rWkNWJ+YKYVTIkyqHEuXqU87txhVTaRJi6UDGDn49cMKmZwQnn+23JQf1chcn1YFkrivDaJPhm17GhoEldQHSLQfxb0ifja5WBNDbkKBF/h9JqvG3Ya9anxlyxY6g7/m2zP73xfkvUnejoX4GKjffEqezQmTe9RIeuWyz94nfZNLr0Ps363kAfP4KSW+f4zkTU/UVg19ccAY0ZhiwDetKyksU5WqLO8xMPZ6PNFYhNeBb2yhGdT8PidkRYkC4XBn1k7F7apiNUuZU8aA=" +}	2022-06-28 18:34:21 +02:00

1 2 3 4 5 ...

848 Commits